Polish game developer CD Projekt, known for its titles Cyberpunk 2077 and the Witcher saga, announced this morning (09) that it was infected by ransomware, which has compromised some of its internal systems, in addition to encrypting various devices on its network. The company posted a clarification note on Twitter, as well as the ransom note left by cybercriminals.
Cybercriminals are threatening to leak the source code of the compromised games if CD Projekt does not accept paying for the ransom. The developer, however, informs that it will not negotiate with ransomware operators and that it has already called the responsible authorities.
“We have already approached the relevant authorities, including law enforcement officials and the President of the Office of Personal Data Protection, as well as forensic IT specialists, and we will cooperate closely with them to fully investigate this incident,” writes CD Projekt in the statement. .
By deciding not to pay for data redemption, the company also warned that data such as the source code of the games it develops, eventually they can be poured, but reassures users, saying that cybercriminals have not accessed personal data.
“We will not yield to the demands or negotiate with the actor, being aware that this may eventually lead to the release of the compromised data. We are taking the necessary steps to mitigate the consequences of such a release, in particular addressing any parties that may be affected due to the breach […] The compromised systems did not contain any personal data of our player or users of the services”, Writes the company.
The ransom note left by ransonware operators says:
“Hello CD PROJEKT. You have been EPICALLY overpowered! We dumped FULL copies of the source codes from your Perforce server for Cyberpunk 2077, Witcher 3, Gwent and the unreleased version of Witcher 3 !!! We also discard all of your documents related to accounting, administration, legal, HR, investor relations and more! In addition, we encrypt all of your servers, but we understand that you can probably use backups to recover. If we do not reach an agreement, your source codes will be sold or leaked online and your documents will be sent to our gaming journalist contacts. Your public image will fall even more and people will see how you ruin your company’s functions. Investors will lose confidence in your company and stocks will fall even more! You have 48 hours to contact us. ”
This is the second time that CD Projekt has suffered a ransomware attack. In June 2017, the company also notified the Twitter who had been the target of an attack that encrypted internal data. CD Projekt also said it did not pay the ransom at the time.
Check out the CD Projekt announcement published this Tuesday (09):
Important Update pic.twitter.com/PCEuhAJosR
– CD PROJEKT RED (@CDPROJEKTRED) February 9, 2021
